Routing for multiple ISPs and port forwarding

From: Joni (joni_at_nospam.local)
Date: 11/17/05


Date: Thu, 17 Nov 2005 11:58:07 +0100

Hi all,

I have a Linux machine that acts as a router for a LAN. The machine has
3 interfaces connected to it: one LAN and two ISP connections. The setup
is similar to the one in the LARTC howto (see
http://lartc.org/howto/lartc.rpdb.multiple-links.html), differing only
in that I set up the regular main routing table and only one additional
table (not two).

The routing is set up in such a way that an incoming connection through
isp1 is answered through external interface 1 and an incoming connection
through isp2 is answered through external interface 2, which works great!

However, I need to forward (NAT), for instance, port 25 for both
incoming ISP lines to a mail server on the LAN with a local IP address.
For the main routing table I would do this with iptables, like this:

iptables -t nat -A PREROUTING -p TCP -d $ext_ip --dport 25 -j DNAT --to 192.168.0.2

However, for the alternative table this doesn't work, since the packets
won't go through the routing table. I thought of using a POSTROUTING
table, but that won't work either, because I assume once it has gone
through the routing table the source address will be a local IP address
(192.168.0.1 from the router) and it won't be able to distinguish
through which ISP connection to send it...

Does anyone know a solution for this?

Thanks,
Jonathan
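
One common way to get the behaviour asked for above, as an added example that is not part of the original post: mark each connection by the uplink it arrived on and route the mail server's replies by that mark, because after DNAT those replies carry source 192.168.0.2 rather than either external address. The interface names, the ISP 2 address and gateway (documentation range), and the table/mark number 2 are assumptions; the script only prints the commands unless DRY_RUN=0 is set.

```shell
#!/bin/sh
# Added example: connection-mark policy routing so port 25 forwarded from
# the second uplink is answered through that same uplink.
# Assumed values (not from the post): interface names, ISP 2 address and
# gateway, and the table/mark number.
IF_ISP2="${IF_ISP2:-eth2}"          # assumed: interface facing ISP 2
IF_LAN="${IF_LAN:-eth0}"            # assumed: LAN interface
EXT_IP2="${EXT_IP2:-203.0.113.10}"  # constructed: router address on ISP 2
GW_ISP2="${GW_ISP2:-203.0.113.1}"   # constructed: ISP 2 gateway
MAIL_IP="192.168.0.2"               # mail server address from the post
TABLE=2                             # assumed: the one additional table
MARK=2                              # assumed: mark meaning "came in via ISP 2"

# Print the command in dry-run mode (default); execute it otherwise (needs root).
run() {
    if [ "${DRY_RUN:-1}" = "1" ]; then echo "$*"; else "$@"; fi
}

setup_isp2_forward() {
    # 1. Tag every new connection that enters through the ISP 2 interface.
    #    The mark is stored in the conntrack entry, so it survives the DNAT.
    run iptables -t mangle -A PREROUTING -i "$IF_ISP2" \
        -m conntrack --ctstate NEW -j CONNMARK --set-mark "$MARK"
    # 2. Forward port 25 arriving on the ISP 2 address to the mail server.
    #    nat PREROUTING is evaluated before the routing decision.
    run iptables -t nat -A PREROUTING -i "$IF_ISP2" -p tcp -d "$EXT_IP2" \
        --dport 25 -j DNAT --to-destination "$MAIL_IP"
    # 3. Replies from the LAN still have source 192.168.0.2 at routing time,
    #    so copy the connection mark onto each packet before routing.
    run iptables -t mangle -A PREROUTING -i "$IF_LAN" -j CONNMARK --restore-mark
    # 4. Route marked packets with the ISP 2 table instead of the main table.
    run ip rule add fwmark "$MARK" table "$TABLE"
    run ip route add default via "$GW_ISP2" dev "$IF_ISP2" table "$TABLE"
}

# With the default DRY_RUN=1 this only prints the five commands for review.
setup_isp2_forward
```

Connections that arrive through the first uplink carry no mark and keep following the main routing table.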
